Author Topic: Volunteers needed to test existing personal firewalls against new CPIL3 !  (Read 16907 times)

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Hi guys,

We have created a new leak test called CPIL3 which uses a new technique to bypass personal firewalls. In our tests all firewalls have failed against this new test. We are going to release another BETA strengthened against this threat. Before making the test public, we need to make sure our users are safe. So currently, fellow members of Comodo forum, i.e. members having the rank "Comodo's Hero" can access it.

If you would like to test CPIL3, please send a PM to me with your email address so that we can send the test.


Thanks,
Egemen

Offline streetwolf

  • Comodo Loves me
  • ****
  • Posts: 139
The latest CPF beta seems to stop the injection.

I get a popup with the exe and dll in it.  It mentions that explorer.exe is using a global hook.  Of course I deny the request.

From the output of CPIL3 itself it says that the injection was successful. This is prior to opening up my browser, or trying to, in my case.  Is an injection of this sort something that an AV program or malware program should detect and thus not even allow the injection to take place?  Or are injections a normal and common sort of thing?

« Last Edit: July 27, 2006, 04:02:36 PM by streetwolf »

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
> The latest CPF beta seems to stop the injection.
>
> I get a popup with the exe and dll in it.  It mentions that explorer.exe is using a global hook.  Of course I deny the request.


Sometimes it should fail because of a bug.  That bug also affects CPF 2.2 which is supposed to pass this test too.

Egemen

Offline streetwolf

  • Comodo Loves me
  • ****
  • Posts: 139
egemen, I added something to my previous post that you might have missed since you were replying when I was modifying.

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
> The latest CPF beta seems to stop the injection.
>
> I get a popup with the exe and dll in it.  It mentions that explorer.exe is using a global hook.  Of course I deny the request.
>
> From the output of CPIL3 itself it says that the injection was successful. This is prior to opening up my browser, or trying to, in my case.  Is an injection of this sort something that an AV program or malware program should detect and thus not even allow the injection to take place?  Or are injections a normal and common sort of thing?

Let's not discuss these yet. Let's keep our discussions private until CPIL3 is made public because a new malware can evolve rapidly.

Please do not disclose the test results for other personal firewalls either. Use PM for all correspondence.

Thanks,
Egemen



Offline streetwolf

  • Comodo Loves me
  • ****
  • Posts: 139
OK.  Maybe you should lock this thread then.

Offline pandlouk

  • I love Comodo
  • Comodo's Hero
  • *****
  • Posts: 2240
  • Retired Mod
Egemen on mine it fails.  :'(

I have as default browser opera 9.0
It does not warn at all

-------------
After 20 tests with explorer, firefox and opera here are the results:
1. With "Automatically approve safe applications" on (10 tests):
Opera -> failed
Firefox -> failed
IE -> failed
2. With "Automatically approve safe applications" off (10 tests):
Opera -> failed
Firefox -> failed
IE -> succeeded the first test, but failed the other 9
« Last Edit: July 27, 2006, 06:27:06 PM by pandlouk »

Offline streetwolf

  • Comodo Loves me
  • ****
  • Posts: 139
Tried multiple runs like pandlouk.  Ten consecutive runs resulted in CPF beta blocking it successfully each time using IE6.


Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
> Tried multiple runs like pandlouk.  Ten consecutive runs resulted in CPF beta blocking it successfully each time using IE6.



I think if you set component monitor ON, it should always detect. Nonetheless, we classify those versions as failed.


Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
> Egemen on mine it fails.  :'(
>
> I have as default browser opera 9.0
> It does not warn at all
>
> -------------
> After 20 tests with explorer, firefox and opera here are the results:
> 1. With "Automatically approve safe applications" on (10 tests):
> Opera -> failed
> Firefox -> failed
> IE -> failed
> 2. With "Automatically approve safe applications" off (10 tests):
> Opera -> failed
> Firefox -> failed
> IE -> succeeded the first test, but failed the other 9

Can you please try with CPF 2.2 stable version? It must pass independent of the bug it has. BETA versions have this vulnerability. If stable version passes in your tests, then our users will be safe and we can publish the leak test.

Thanks,

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
> Egemen on mine it fails.  :'(
>
> I have as default browser opera 9.0
> It does not warn at all
>
> -------------
> After 20 tests with explorer, firefox and opera here are the results:
> 1. With "Automatically approve safe applications" on (10 tests):
> Opera -> failed
> Firefox -> failed
> IE -> failed
> 2. With "Automatically approve safe applications" off (10 tests):
> Opera -> failed
> Firefox -> failed
> IE -> succeeded the first test, but failed the other 9

For BETA releases, try to test with Component Monitor ON pls.

Offline pandlouk

  • I love Comodo
  • Comodo's Hero
  • *****
  • Posts: 2240
  • Retired Mod
> Can you please try with CPF 2.2 stable version? It must pass independent of the bug it has. BETA versions have this vulnerability. If stable version passes in your tests, then our users will be safe and we can publish the leak test.
>
> Thanks,

> For BETA releases, try to test with Component Monitor ON pls.

Egemen I did as you said.

1. Stable version with default settings -> 100% success with all 3 browsers ( 5 tests for each browser)

2. Beta version with "C.M." on -> 100% success with all 3  browsers ( 5 tests for each browser)

Release it. The Dragon protects us ;D
 (B) (S) (R)

ps. With the beta with "C.M." on, at reboot it failed  to load-read the "Application Monitor from registry". It was "error 6" or 16 (I don't remember :-\ ). It happened twice.
« Last Edit: July 28, 2006, 04:07:56 AM by pandlouk »

Offline pandlouk

  • I love Comodo
  • Comodo's Hero
  • *****
  • Posts: 2240
  • Retired Mod
Why my internal IP is being revealed?
« Reply #12 on: July 28, 2006, 04:48:50 AM »
Melih please check this link

http://www.auditmypc.com/free-spyware-removal.asp

It reveals my internal IP. How come this happens?
---------

http://serversniff.net/browser_header.php
It has to do with java but how can I fix it?

Egemen do you know if it can be fixed. I have not found any tweaks at the java panel that fixes it. Is it possible to block such data of the browser header with CPF or with the router?
« Last Edit: July 28, 2006, 08:42:09 AM by pandlouk »

Offline drAgon

  • Comodo Member
  • **
  • Posts: 40
Re: Why my internal IP is being revealed?
« Reply #13 on: July 28, 2006, 06:42:30 AM »
> Melih please check this link
>
> It reveals my internal IP. How come this happens?
> ---------

Same here :(
It's very, very bad :o

Offline streetwolf

  • Comodo Loves me
  • ****
  • Posts: 139
It is my understanding that the world knowing your Internal IP address is not a security breach.  Just as knowing your 'real' IP is no big deal. 

Am I correct about this?  If not, someone more knowledgeable than myself please enlighten me.  :)
